On 03/09/2013 11:59 PM, Michael Orlitzky wrote: > On 03/09/2013 08:42 PM, Walter Dnes wrote: >> On Fri, Mar 08, 2013 at 07:41:13PM -0500, Michael Mol wrote >> >>> The trouble with NAT is that it destroys peer-to-peer protocols. The >>> first was FTP in Active mode. >> >> In its day, it was OK. Nowadays, we use passive mode. What's the >> problem? >> > > It also doesn't work under NAT, it's just broken in the other direction. > > >>> SIP has been heavily damaged as well. Anyone who's used IRC is >>> familiar with the problems NAT introduces to DCC. >> >> Every ADSL router-modem I've run into recently has port-forwarding. >> >>> Anyone who's ever played video games online,... >> >> A *CLIENT* that can't operate from behind NAT is totally brain-dead. >> > > But you must have one non-NATed "server" for anything to work. I assume > that's what was meant by "it destroys peer-to-peer protocols." You have > to draw an arbitrary distinction between machines that work together, > "servers," and ones that don't, "clients."
Indeed. > > The problem will become more and more apparent as ipv4 space dries up > and everyone becomes a client. Although ISPs will be more than happy to > sell you a useful connection, for a premium. This has happened to a friend of mine...and he *can't* get a public IP from his rural ISP. > > Un-NATed addresses are like, type-O blood. Imagine how much better off > we'd be if we could get everyone to switch their blood to type-O. Might > be less painful than the ipv6 transition, too =) > > >>> or who's tried hosting a Teamspeak or Ventrillo server, has had NAT >>> get in their way as well. >> >> Port-forwarding. >> > > Port forwarding can work, but only for one host when the ports are > standardized. You can't forward e.g. port 443 to two hosts, so only one > host behind the NAT can be accessible on 443. > > If you're using your NAT as a firewall for one box, then who cares. But > you can't put more than one machine behind it and have everything still > work. Since we've already run out of IPv4 addresses, port forwarding is starting to fail even for that circumstance; if your ISP hands you an RFC1918 address, you're screwed.
signature.asc
Description: OpenPGP digital signature
